package com.coinworld.filter;


import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.coinworld.config.XssHttpServletRequestWrapper;
import com.coinworld.object.HttpJsonResult;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.PrintWriter;

/**
 * @description
 * @author:
 * @create: 2019-08-14 14:08
 **/
@Slf4j
public class XssFilter implements Filter {

    FilterConfig filterConfig = null;

    @Override
    public void init(FilterConfig filterConfig) {
        this.filterConfig = filterConfig;
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        //对请求进行拦截,防xss处理
        String method = "GET";
        String param = "";
        XssHttpServletRequestWrapper xssRequest = null;
        if (request instanceof HttpServletRequest) {
            method = ((HttpServletRequest) request).getMethod();
            xssRequest = new XssHttpServletRequestWrapper((HttpServletRequest) request);
        }
        if ("POST".equalsIgnoreCase(method)) {
            param = getBodyString(xssRequest.getReader());
            if(StringUtils.isNotBlank(param)){
                boolean isCheck = true;
                try {
                    JSONObject paramObj = JSONObject.parseObject(param);
                    String encrypt = paramObj.getString("encrypt");
                    if (!StringUtils.isEmpty(encrypt)){
                        isCheck = false;
                    }
                }catch (Exception e){
                    log.error("doFilter parseObj error ",e);
                }
                if (isCheck){
                    if(XssHttpServletRequestWrapper.checkXSSAndSql(param)){
                        response.setCharacterEncoding("UTF-8");
                        response.setContentType("application/json;charset=UTF-8");
                        PrintWriter out = response.getWriter();
                        out.write(JSON.toJSONString(HttpJsonResult.fail("您所访问的页面请求中有违反安全规则元素存在，拒绝访问")));
                        return;
                    }
                }
            }
        }
        if (xssRequest.checkParameter()) {
            response.setCharacterEncoding("UTF-8");
            response.setContentType("application/json;charset=UTF-8");
            PrintWriter out = response.getWriter();
            out.write(JSON.toJSONString(HttpJsonResult.fail("您所访问的页面请求中有违反安全规则元素存在，拒绝访问")));
            return;
        }
        chain.doFilter(xssRequest, response);
    }

    // 获取request请求body中参数
    public static String getBodyString(BufferedReader br) {
        String inputLine;
        String str = "";
        try {
            while ((inputLine = br.readLine()) != null) {
                str += inputLine;
            }
            br.close();
        } catch (IOException e) {
            System.out.println("IOException: " + e);
        }
        return str;

    }

    @Override
    public void destroy() {
        this.filterConfig = null;
    }

}
